January 30, 2019
As email continues to be the most common vector of all social cyber-attacks (96%), phishing has become increasingly common. According to a recent Verizon report, phishing and pretexting actually represent 98% of social incidents and 93% of breaches.
Phishing is the cybercriminal's craft. It is what they do for a living: they harvest your confidential data and make a profit from it. They do this by composing a message and sending it via email to the recipients, encouraging them to perform an action with a click of the mouse. To see how it works, simply imagine the following.
You are going fishing. For this, you need a few things: a fishing rod, bait, and, it goes without saying, a lake. Once you have done your homework, you go to the lake, which is inhabited by small-, medium- and large-sized fish (i.e., companies with different business capital). Then you fish around and wait for a fish to take the bait. Once you are on the hook (having clicked the attachment), there is no way back. The fraudster reels you in, and all your personal data right along with you.
When phishing, cyber fraudsters do the same. But this time the items are different:
So, first of all, you need to learn how not to get on the hook of internet fraudsters. Secondly, think through your email protection thoroughly so that criminals are left with no chance or back way to phish in your lake.
Phishing is never out-of-season.
Unlike other data-breach ‘trends’, phishing attacks remain the most fashionable, and pretexting plays a large role in that.
Pretexting is a deceptive message created to ‘fish out’ sensitive information or otherwise influence a victim’s behavior (it may be followed by malware installation that ends in data disclosure).
Finance employees often become victims of phishing emails because they are the keepers of sensitive financial information.
A criminal, impersonating the CEO (or another top executive), emails them and encourages them to take a certain action (such as transferring money). A simple invoice-handling task can lead to the redirection of funds to a fake bank site, with you filling out your credit card details, account credentials, and other personal data. This scheme of stealing personal data is called Business Email Compromise (BEC).
To protect your enterprise from phishing attacks, you have to remember one thing: thieves never call at the front door. They use backdoors. You have to be sure you do not leave the windows and doors of your secure IT infrastructure open.
Consider taking some measures as well. In the first place, think about your email (because it is the weakest link in your cybersecurity). And when you do, never underestimate one factor: the humans.
Most employees who are going to click a phishing email do so in just over an hour.
The more employees, the more potential threats. The more potential threats, the bigger the consequences of the attack. Moreover, an email that comes from a trusted contact isn’t necessarily safe. Fifty-six percent of IT security decision-makers said that targeted phishing attacks were the top security threat they faced.
Phishing attacks are meant to make a person perform some action. We have already figured that out. More surprisingly, most people act (click) without anybody’s help, of their own free will. As a consequence, breaches really begin with your staff.
To protect email from phishing attacks on business correspondence, you may do the following:
But these are preventive methods that only help you mitigate fraudulent emails, not eliminate them completely. To defend yourself from phishing attacks, you need to put email security on one side of the scales and convenience of use on the other, and balance them.
Fortunately, StealthMail already did that.
In its solution for protecting personal data, StealthMail uses an approach in which all the above countermeasures are met. And as you use it, the solution not only prevents but also excludes the possibility of a phishing attack.
StealthMail ensures the security and privacy of your business correspondence. The solution encrypts the message content and, separately, its attachments. It keeps your data encrypted whether in transit or at rest.
StealthMail is installed as an add-in to Outlook, which means that your employees can continue using Microsoft Outlook as their primary email client. No integration is needed.
Some of the key features of StealthMail:
It is important to note that StealthMail not only provides multi-layered military-grade protection for your business email correspondence from all sorts of cyber-attacks but also defends it from your own mistakes (whether they are conscious or unconscious).
To find out more about StealthMail or schedule a free demo, please visit StealthMail.com.